It’s Patch Tuesday for the second time this month — except this week it’s Adobe and Apple, not Microsoft, products that have urgent security updates.
Adobe yesterday released updates for its Acrobat and Reader applications and Flash Player browser plug-in to patch a dangerous vulnerability reported last week.
Bad guys had already been using the hole to attack PC users via Excel files infected with bad Flash objects.
The vulnerability affects all major PC operating systems (Windows, Mac and Linux), plus a minor one (Oracle’s Solaris) and Android OS smartphones, as well as all browsers.
Google’s Chrome got a jump on the Flash Player patch a few days earlier, thanks to a tight relationship with Adobe. Users running Chrome will still have to patch other browsers and the stand-alone Reader and Acrobat applications.
As has been the case for years, Internet Explorer requires a separate Flash Player plug-in from the other browsers.
Apple iOS devices will not need a patch; Steve Jobs’ ban on Flash for the iPhone and iPad seems to extend to Acrobat and Reader as well. (iOS reads PDF files natively.)
All patches are available from Adobe’s website here.
Slightly less urgent, but no less comprehensive, is Apple’s latest and possibly final major update to its Snow Leopard version of OS X.
This one bumps the version number up to 10.6.7 and patches 40 vulnerabilities in Apple and open-source apps and services, many related to the handling of image files.
Sophos’s Naked Security blog notes that the update also boosts Apple’s Safari browser to 5.0.4, which patches another 60 or so security holes.
Similar security upgrades are also available for OS X 10.5 Leopard, the last version of OS X to run on PowerPC-based Macs.
Apple’s OS X 10.7 Lion is scheduled to come out this summer.
Apple’s Software Update should automatically download the updates and prompt users to install them. If not, the updates can be found here.
- Flash Player Flaw Leads to ‘Zero Day’ Attack
- Security and Privacy Software Review
- Most Users Leave Web Browsers Open to Attack
© 2012 SecurityNewsDaily. All rights reserved